Options
All
  • Public
  • Public/Protected
  • All
Menu

Class WebAclReader

Handles permissions according to the WAC specification. Specific access checks are done by the provided AccessChecker.

Hierarchy

Index

Constructors

Properties

Methods

Constructors

constructor

Properties

Private Readonly accessChecker

accessChecker: AccessChecker

Private Readonly aclStore

aclStore: ResourceStore

Private Readonly aclStrategy

aclStrategy: AuxiliaryIdentifierStrategy

Private Readonly identifierStrategy

identifierStrategy: IdentifierStrategy

Protected Readonly logger

logger: Logger = ...

Methods

canHandle

Private createPermissions

  • Creates an Authorization object based on the quads found in the ACL.

    Parameters

    • credentials: Partial<Record<CredentialGroup, Credential>>

      Credentials to check permissions for.

    • acl: Store<Quad, Quad, Quad, Quad>

      Store containing all relevant authorization triples.

    • isAcl: boolean

      If the target resource is an acl document.

    Returns Promise<Partial<Record<CredentialGroup, Partial<Record<AccessMode, boolean>>>>>

Private determinePermissions

  • determinePermissions(acl: Store<Quad, Quad, Quad, Quad>, credentials?: Credential): Promise<AclPermission>

  • Determines the available permissions for the given credentials. Will deny all permissions if credentials are not defined

    Parameters

    • acl: Store<Quad, Quad, Quad, Quad>

      Store containing all relevant authorization triples.

    • Optional credentials: Credential

      Credentials to find the permissions for.

    Returns Promise<AclPermission>

Private filterData

  • filterData(data: Representation, predicate: string, object: string): Promise<Store<Quad, Quad, Quad, Quad>>

  • Finds all triples in the data stream of the given representation that use the given predicate and object. Then extracts the unique subjects from those triples, and returns a Store containing all triples from the data stream that have such a subject.

    This can be useful for finding the acl:Authorization objects corresponding to a specific URI and returning all relevant information on them.

    Parameters

    • data: Representation

      Representation with data stream of internal/quads.

    • predicate: string

      Predicate to match.

    • object: string

      Object to match.

    Returns Promise<Store<Quad, Quad, Quad, Quad>>

    A store containing the relevant triples.

Private getAclRecursive

  • getAclRecursive(id: ResourceIdentifier, recurse?: boolean): Promise<Store<Quad, Quad, Quad, Quad>>

  • Returns the ACL triples that are relevant for the given identifier. These can either be from a corresponding ACL document or an ACL document higher up with defaults. Rethrows any non-NotFoundHttpErrors thrown by the ResourceStore.

    Parameters

    • id: ResourceIdentifier

      ResourceIdentifier of which we need the ACL triples.

    • Optional recurse: boolean

      Only used internally for recursion.

    Returns Promise<Store<Quad, Quad, Quad, Quad>>

    A store containing the relevant ACL triples.

handle

handleSafe

Private updateAclPermissions

  • updateAclPermissions(aclPermissions: AclPermission, isAcl: boolean): AclPermission

  • Sets the correct values for non-acl permissions such as create and delete. Also adds the correct values to indicate that having control permission implies having read/write/etc. on the acl resource.

    The main reason for keeping the control value is so we can correctly set the WAC-Allow header later.

    Parameters

    • aclPermissions: AclPermission
    • isAcl: boolean

    Returns AclPermission